FAQ - Client

The client shows a newer version. Why didn’t it notify me of an update?

Assuming you have update notifications switched on (in Preferences) this probably means the newer version is not recommended for your device.

In the list of versions in the client, the recommended version is identified by a ‘*’. This is the version which is closest to the current version – the version that the developers of the application publish to Google Play or their website, or tag in their source code repository. There may be newer versions than this in the list – they could be, for example, test or beta versions. You can install these, but update notifications are not shown because the Version Code (Android’s scheme for version numbering) is greater than the CurrentVersionCode.

For third-party repositories, it may also be the case that the maintainers neglected to update the current version in their repository’s metadata.

Why does F-Droid need these permissions?

F-Droid is an app store, that means it is already entirely responsible for finding, downloading and installing apps. That means it already has all permissions, in effect. For example, a malicious app store with no permissions could modify every app as it installs it, granting itself all permissions via those modified apps. This is why it is so important that an app store is Free Software and publicly audited. F-Droid is both. That said, F-Droid declares the permissions it actually uses so that it is honest and transparent about what it is doing.

Here are the permissions that F-Droid current uses:

Download apps from f-droid.org and other app repositories:
android.permission.INTERNET
Start itself automatically at boot time so that it can receive updates:
android.permission.RECEIVE_BOOT_COMPLETED
For the nearby service to get current Wi-Fi status, and prompt the user to enable Wi-Fi when swapping:
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
For the nearby service to see the Bluetooth state, and prompt the user to enable Bluetooth when swapping:
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH_CONNECT
Exchange repository information via the Repo Details screen, and to optionally assist nearby swap connection:
android.permission.NFC
Allow the user to enable Wi-Fi AP Hotspot mode from the nearby service:
android.permission.WRITE_SETTINGS
Allows the nearby service to stay running as long as the user leaves it running:
android.permission.WAKE_LOCK
Find and use compatible repositories and mirrors on external storage:
android.permission.READ_EXTERNAL_STORAGE
android.permission.MANAGE_EXTERNAL_STORAGE
Detect when a USB thumb drive has been inserted, so it can be scanned to find compatible repositories and mirrors:
android.permission.USB_PERMISSION
Temporarily store and use downloaded files on external storage:
android.permission.WRITE_EXTERNAL_STORAGE

F-Droid Privileged Extension is also relevant here, although it falls outside of the Android system of declaring permissions. Privileged Extension is installed with priv-app permissions, which gives F-Droid system-level access privileges to Android. The use of Privileged Extension improves security by allowing automatic app updates as well as letting the user leave the “Unknown Sources” setting off. Privileged Extension is designed on the principals of “least privilege”, so that elevated powers are only granted where they are absolutely needed, and those powers are limited as much as possible. In order to make it possible outside reviewers to confirm that, we have made Privileged Extension as simple and small as possible.

What is expert mode?

Enabling the ‘Expert Mode’ setting in Preferences will make the client display additional information which is probably not useful to most people. This includes things like package IDs and signature hashes. Some extra configuration options also appear.

I can download apps, but then “Install” is disabled. Why?

Some users have apps such as Twilight installed, which draw directly to the screen regardless of what app is shown. For security reasons, Android wisely doesn’t allow apps to be installed when such apps are running. If it did, then people could create apps that draw a fake “Install” button over the top of the real one, resulting in users installing unwanted apps. The solution is to disable such apps before installing via F-Droid.

See Issue 151 or this Google+ comment for more details.

Why doesn’t the client show the number of installs/downloads for each app?

To show how many people had installed an app, we would have to be spying on them - in other words, keeping track of what apps people install and uninstall on their devices, and sending that data back to ourselves. We don’t do that, and we’re not going to do it.

Theoretically, the number of downloads is available via our web server logs. However, this would be a meaningless figure because:

  1. I might download an app, and decide not to install it
  2. I might download and install it, then uninstall it immediately because I don’t like it
  3. I might download my app 1,000,000 times to make it look popular

Additionally, on a technical level, we don’t even track that information. While the back-end server does track hits on each APK, these are actually served up by multiple front-end servers that cache. This means one counted hit could represent one download, or a million. Theoretically we could resolve this, but we are not interested enough to do so.

Finally, even assuming any of this information were available, what does it actually mean? Are you going to use an app just because lots of others do, or ignore it because few others have discovered it yet? Is this a sensible way to decide whether something is useful to you or not? Perhaps you should just try it.

How can I send or setup the F-Droid app using NFC or Android Beam?

Starting with v1.20, the F-Droid client does not support these features anymore as the underlying code has been removed from the Android 14 SDK after being deprecated since Android 10. More info here.

How can I send apps via Bluetooth or WiFi?

This is done using the ‘Nearby’ Tab in F-Droid (previously called ‘Swap’). See here for a walkthrough.

What is the security model that F-Droid uses?

The F-Droid security model started out with HTTPS connections and signed metadata. It has been evolving, inspired by Debian, The Update Framework, and other things. You can read about details here: Security Model.